CVE-2018-6593

HIGH

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation via IOCTL 0x8000204C

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6593. PoCs published by Souhail Hammou.

AI-analyzed exploit summary: This exploit demonstrates a local privilege escalation vulnerability in MalwareFox AntiMalware 2.74.0.150 by connecting to an improperly secured filter communication port, registering the process as trusted, and then using an IOCTL to open a full access handle to winlogon.exe to inject and execute shellcode.

Description

An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.

Exploits (1)

exploitdb WORKING POC
by Souhail Hammou · c · local · windows
https://www.exploit-db.com/exploits/43973

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: MalwareFox AntiMalware 2.74.0.150
No auth needed
Prerequisites: MalwareFox AntiMalware 2.74.0.150 installed · Local access to the system
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43973/

Scores

CVSS v3 7.8
EPSS 0.0034
EPSS Percentile 57.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-732
Status published
Products (1)
malwarefox/antimalware 2.74.0.150
Published Feb 03, 2018
Tracked Since Feb 18, 2026